DDoS And Infrastructure Attacks Among The Biggest Threats In 2014

[Audrey McNeil <audrey () riskbasedsecurity com>]

http://www.techweekeurope.co.uk/news/cisco-ddos-infrastructure-attacks-among-biggest-threats-2014-136297

The number of threats facing individuals and businesses online has grown 14
percent in a single year, according to the Annual Security Report published
by Cisco.

Multipurpose Trojans proved to be the most widely-used type of malware in
2013, responsible for 27 percent of all infections, followed by malicious
scripts (23 percent) and data theft Trojans (22 percent).  Ninety-nine
percent of all mobile malware targeted Android devices, with
Andr/Qdplugin-A obtaining something of a celebrity status, since it was
responsible for almost 44 percent of mobile infections.

Cisco has warned that the industry is being put under pressure by the rapid
adoption of cloud technologies and the emergence of new types of networked
devices as well as a worldwide cyber security skill shortage.

Bad year.

The firm has been publishing the Annual Security Report for the past 13
years and predicts that in 2014 businesses will be facing increasingly
sophisticated attacks from organised and well-funded cybercriminals that
are a far cry from the ‘black hat’ hackers of old. Social engineering, a
method used to psychologically manipulate victims in order to obtain
sensitive information, is also set to be big in 2014.

According to the report, the number of security alerts issued around the
world had grown 14 percent between October 2012 and October 2013. Data from
Sourcefire, now a part of Cisco, indicates that Java continues to be the
most frequently exploited programming language, involved in a whopping 91
percent of the so-called ‘indicators of compromise’.

The company says that the increase in the number of malware strains was
mainly fuelled by the growing numbers of mobile devices and proliferation
of cloud, which offered a greater “attack surface”. The arrival of new
classes of devices, such as smart watches and smart glasses, is expected to
expand the variety of malicious programs even further.

This year’s Consumer Electronics Show (CES) in Las Vegas featured wearable
technology from Sony, Samsung, LG, Archos, Adidas, Garmin, Razer and dozens
of other manufacturers. All of these devices are networked, and thus can be
hacked – yet another headache for the CSO.

DDoS Threat

Cisco says that over the course of the past year, the Distributed Denial of
Service (DDoS) attacks have increased in both volume and severity, and are
now often used as a supporting tool, to divert attention from data theft.

“Over the past couple of years DDoS attacks have become an issue for a wide
range of organisations as the spread of motivations behind them has
broadened,” explains Darren Anstee, Solutions Architect Team manager at
Arbor Networks. “DDoS attacks are now being used as a distraction from
fraudulent activities, to disguise data exfiltration or for competitive
takeout – DDoS is just one of the tools that cyber-criminals use to achieve
their goals.

“To ensure protection from these threats, organisations must have
multi-layered DDoS protection in place, using both cloud AND
network-perimeter components.”

Meanwhile, the industry is facing a shortage of almost one million cyber
security professionals, which means many smaller organisations simply don’t
have resources to deal with the non-stop attempts to breach the networks
and steal data.

“Although the Cisco Annual Security Report paints a grim picture of the
current state of cyber security, there is hope for restoring trust in
people, institutions and technologies – and that starts with empowering
defenders with real-world knowledge about expanding attack surfaces,”
commented John Stewart, SVP and CSO for Threat Response Intelligence and
Development at Cisco.

_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
Risk Based Security offers security intelligence, risk management services and customized security solutions. The 
YourCISO portal gives decision makers access to tools for evaluating their security posture and prioritizing risk 
mitigation strategies. Cyber Risk Analytics offers actionable threat information and breach analysis.